Podlove Podcast Publisher

The one and only next generation podcast publishing system. Seriously. It's magical and sparkles a lot.

v4.5.2Eric TeubertUpdated Added 3k+ installs88% rating100% support resolved
18
Score
2,333
Errors
1,435
Warnings
+0
Change

Category Scores

Security0
Repo52
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

3,768 findings

Security

2,491

10 issue groups

Maintainability

897

11 issue groups

I18n

214

4 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <small><em>({$activity['description']})</em></small>"'.895
Category
Security
Occurrences
895
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" <small><em>({$activity['description']})</em></small>"'.

ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $indices_sql412
Category
Security
Occurrences
412
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $indices_sql

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.262
Category
Security
Occurrences
262
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.227
Category
Security
Occurrences
227
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGSecurityRequest data is not unslashed$_GET[$var_name] not unslashed before sanitization. Use wp_unslash() or similar209
Category
Security
Occurrences
209
Severity
warning

Sample message

$_GET[$var_name] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET[$var_name]208
Category
Security
Occurrences
208
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET[$var_name]

ERRORMaintainabilitybadly named filesFile and folder names must not contain spaces or special characters.204
Category
Maintainability
Occurrences
204
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.199
Category
Maintainability
Occurrences
199
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().195
Category
Maintainability
Occurrences
195
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;129
Category
Maintainability
Occurrences
129
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Show 15 more
WARNINGSecurityInput is not validated127
Category
Security
Occurrences
127
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET[&#039;action&#039;]. Check that the array index exists before using it.

ERRORI18nMissing Translators Comment109
Category
I18n
Occurrences
109
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORSecurityDatabase parameter is not escaped81
Category
Security
Occurrences
81
Severity
error

Sample message

Unescaped parameter $indices_sql used in $wpdb->get_results()\n$indices_sql assigned unsafely at line 440.

ERRORI18nMissing Arg Domain68
Category
I18n
Occurrences
68
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGSecurityMissing nonce verification56
Category
Security
Occurrences
56
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilitySchema Change44
Category
Maintainability
Occurrences
44
Severity
warning

Sample message

Attempting a database schema change is discouraged.

ERRORMaintainabilitydate date42
Category
Maintainability
Occurrences
42
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORMaintainabilitycurl curl setopt21
Category
Maintainability
Occurrences
21
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

WARNINGMaintainabilityNot In Footer21
Category
Maintainability
Occurrences
21
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORI18nUnordered Placeholders Text19
Category
I18n
Occurrences
19
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$d", but got "%d, %d" in 'Total import progress: %d/%d'.

ERRORI18nNo Empty Strings18
Category
I18n
Occurrences
18
Severity
error

Sample message

The $text text string should have translatable content. Found: ''

WARNINGMaintainabilityNon-prefixed global variable16
Category
Maintainability
Occurrences
16
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$contributor&quot;.

WARNINGMaintainabilityMissing Version15
Category
Maintainability
Occurrences
15
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

WARNINGSecuritywp redirect wp redirect14
Category
Security
Occurrences
14
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WARNINGMaintainabilityerror log print r11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

External Connections

Potential connections found in static code analysis.

51 domains

Outbound calls

281

External assets

0

Incoming endpoints

19

Notable Domains

dc-js.github.com15 · outbound
dc-js.github.io10 · outbound
stackoverflow.com7 · outbound
creativecommons.org5 · outbound
auphonic.com4 · outbound

Platform / Reference Domains

github.com152 · platform/reference
w3.org18 · platform/reference
opensource.org2 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/podlove/v1/episodes/(?P<id>[\d]+)REST

register_rest_route

/wp-json/podlove/v1/analytics/episodesREST

register_rest_route

/wp-json/podlove/v1/analytics/episodes/(?P<id>[\d]+)REST

register_rest_route

/wp-json/podlove/v1/analytics/episodes/(?P<ids>[\d]+,[\d,]+)REST

register_rest_route

/wp-json/podlove/v1/episodesREST

register_rest_route

/wp-json/podlove/v1/showREST

register_rest_route

Admin AJAX endpoints8
wp_ajax_podlove-template-authenticated

wp_ajax

wp_ajax_podlove-authenticated

wp_ajax

wp_ajax_podlove-add-production-for-auphonic-webhookauthenticated

wp_ajax

wp_ajax_podlove-cron-diag-checkauthenticated

wp_ajax

wp_ajax_podlove-cron-diag-startauthenticated

wp_ajax

wp_ajax_podlove-hide-donation-bannerauthenticated

wp_ajax

wp_ajax_podlove-refresh-auphonic-presetsauthenticated

wp_ajax

wp_ajax_podlove-tracking-delete-head-requestsauthenticated

wp_ajax

Score History

2 score snapshots

+0
1007550250Jun 21, 2026, 12:20 PM UTC Score 18/100 Plugin v4.5.1 Plugin Check 2.0.0 2,326 errors, 1,429 warningsJul 6, 2026, 10:32 AM UTC Score 18/100 Plugin v4.5.2 Plugin Check 2.0.0 2,333 errors, 1,435 warningsJun 21, 2026Jul 6, 2026

v4.5.2

18

Latest

Findings
3,768
Errors
2,333
Warnings
1,435
Check
2.0.0

v4.5.1

18

Score

Findings
3,755
Errors
2,326
Warnings
1,429
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Audio Album

4k+ active installs

99
99
List MixCloud

400 active installs

99
Yumpu E-Paper publishing

1k+ active installs

98
Podlove Web Player

4k+ active installs

97